Monday, November 24, 2008

I have a laptop with Linux (currently Ubuntu) which I use both at home and at work. The corporate security policy requires everyone to use the HTTP proxy server with authentication for web access, so when I come to work I had to manually enable it, and then disable again at home - not very convenient.

As a side note, Firefox 3+ is great in respecting the global or system-wide proxy configuration (System->Preferences->Network proxy or gnome-network-preferences) as well as gnome-terminal is very nice to set the http_proxy environment variable automatically when proxy is configured, making most command-line tools respect the global proxy setting as well, which is very cool.

So, before network profiles have arrived to Gnome or NetworkManager (I have seen some related commits in Gnome SVN), I still want to enable the proxy automatically depending on my location. Thankfully, NetworkManager supports execution of scripts when it brings interfaces up or down, so this is not difficult at all.

At least on Ubuntu, NetworkManager executes the scripts that are located in /etc/NetworkManager/dispatcher.d/ when it brings interfaces up. Inside of the script I can detect whether I am at work by checking the domain name in /etc/resolv.conf provided by the corporate DHCP server, or the beginning of the assigned IP address if domain can't be used for any reason.

OK, here is the working script for Ubuntu Karmic, Jaunty and Intrepid (Gnome 2.24+), see notes below for older versions. I have this script in /etc/NetworkManager/dispatcher.d/02proxy, because 01ifupdown already exists there.

It is an updated version, attempting to make the script suitable for more general use, eg in our company we now provide it in a .deb package for all Ubuntu-based laptops.

#!/bin/bash# The script for automatically setting the proxy server depending on location.# Put it under /etc/NetworkManager/dispatcher.d/02proxy# Create also the /etc/NetworkManager/proxy_domains.conf, specifying the mapping of# DHCP domains to proxy server addresses, eg "example.com proxy.example.com:3128"# Written by Anton Keks

have gconftool-2, zenity and kinit installed (gconf2, zenity, krb5-user packages in Ubuntu). Install gconf-editor as well for a graphical config editor.

create /etc/NetworkManager/proxy_domains.conf, specifying the mapping of DHCP domains to proxy server addresses, eg "example.com proxy.example.com:3128". Specify each domain on a new line.

The script doesn't need you to hardcode your username and the proxy password anymore - the script will ask you for these values on first run and then store them in $HOME/.proxy:$DOMAIN file, so the script is now perfectly usable on multiuser machines and doens't bug you in case of 'unknown' domains.

For more functionality, it even tries to retrieve the Kerberos ticket for you, if the kerberos is configured properly in /etc/krb5.conf. You can check if this is the case by running this on the command-line:

kinit your-user-name; klist

This works very well for me and saves several mouse clicks every morning :-)

Note to Gnome 2.22 and older users (Ubuntu Hardy, etc): I had this script initially done in Hardy, but after upgrading to Intrepid (Gnome 2.24) it stopped working. The reason was that starting from Gnome 2.24, the gconf setting of /system/http_proxy/use_http_proxy is not the primary one and has been replaced by /system/proxy/mode, which takes one of three values: 'auto', 'manual' and 'none'. In Intrepid, if you set only /system/http_proxy/use_http_proxy as before - it has no effect, you need to set /system/proxy/mode to manual, and this will set the value of the old setting to 'true' automatically.

Another thing introduced with Intrepid is the need to set the DBUS_SESSION_BUS_ADDRESS environment variable (the script steals it from the x-session-manager process) - this is because gconfd has switched to DBUS from CORBA for a communication protocol. If you have older Gnome, then you may omit these 2 lines involving DBUS.